VYPR
High severity7.2NVD Advisory· Published May 13, 2026· Updated May 15, 2026

CVE-2026-44380

CVE-2026-44380

Description

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within the same organization. Because non-site administrators were not explicitly prevented from accessing or resetting site administrator auth keys, an attacker with organization administrator privileges could potentially obtain a newly generated auth key for a higher-privileged account and use it to escalate privileges. This vulnerability is fixed in 2.5.37.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Misp/Misp2 versions
    cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*range: <2.5.37
    • (no CPE)range: <2.5.37

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.